1. Home
  2. Cisco Systems
  3. initialize a vpn connection from the router itself

initialize a vpn connection from the router itself

I configure a router 877 at home to connect to my office router via IPSEC. It works great but I have a small problem that I can not initiate a VPN connection when I ping my office network from my router itself.

I have to ping from one of my workstations at home in order to initialize the VPN connection if it is not established yet.

Is there any way for me to do it from the router itself ? I need to do this because sometimes I access to my router remotely and want to do some tests.

Thanks for your help,

DT

Reply to
dt1649651
Loading thread data ...

Hi,

Have you tried using an extended ping? This allows you to ping from a specific interface on the router. I imagine your VPN match access-lists imply the internal networks on both sides?

Type "ping" hit enter hit enter again for the default "protocol ip" enter destination ip address hit enter till you get the extended commands (y) and type in the source ip address being your internal interface on the router.

Rob.

Reply to
RobO

Hi Walter,

Thanks for explanation. Yes, I turned on the debug and I saw that but dunno how to pass it. I am sure there is a way to do it because when I used the SDM, it asked me if I want it to test by itself ( it means it will run commands from the router ) or by an external workstation.

DT

Reply to
dt1649651

Thanks Rob for the "extended" command. Yes, it works !

DT

Reply to
dt1649651

Thanks for your reply, Scooby. My home network does not have a static IP address ( I wish I had ) . I do not need to keep the connection alive all the time. I want to try different VPN configurations between my 877 and my work router so I can apply them to my co-workers's home networks, therefore I have to close and initiate the VPN connections.

My problem is on the ACL for the protected networks. As Walter and Rob suggested, I used the extended ping command and it works.

DT

Reply to
dt1649651

Does your home network have a static IP address? If not, then your work router probably just has the connection address of 0.0.0.0 associated to that connection. Given that, there is no way for the work router to know how to connect to your home. One option is to have some keep alives going across the network which will keep the connection up. If you have a routing protocol on the vpn connection, then your home router should always keep the connection open.

Reply to
Scooby

In article , snipped-for-privacy@yahoo.com wrote: :I configure a router 877 at home to connect to my office router via :IPSEC. It works great but I have a small problem that I can not :initiate a VPN connection when I ping my office network from my router :itself.

Yeah, that happens. I think if you check your ACL that describes what is to be tunneled, you will find that the outside IP address of the router itself is not listed as a tunnel source.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.